1. Field of the Invention
The present invention generally relates to the field of networks. More particularly, the present invention relates to the field of network security.
2. Related Art
Computer systems and other electronic systems or devices (e.g., personal digital assistants, cellular phones, etc.) have become integral tools used in a wide variety of different applications, such as in finance and commercial transactions, computer-aided design and manufacturing, health care, telecommunication, education, etc. Computers along with other electronic devices are finding new applications as a result of advances in hardware technology and rapid development in software technology. Furthermore, the functionality of a computer system or other type of electronic system is dramatically enhanced by coupling these stand-alone electronic systems together to form a networking environment. Within a networking environment, users may readily exchange files, share information stored on a common database, pool resources, and communicate via electronic mail (e-mail) and via video teleconferencing.
In a network environment, there are three basic techniques used to achieve mutual authentication between two parties, where each party is an electronic system within the networked environment such as a wireless client electronic system or a network access point electronic system. In the first basic technique, public key cryptography is used. According to public key cryptography, the two parties sign (i.e., provide a digital signature for) a message using their respective private keys, while they authenticate (i.e., verify the origin of) the message using the other party's public key. In the second basic technique, the two parties hold a shared secret. Each party signs a message using the shared secret, while the other authenticates the message using the shared secret. In the third basic technique, the two parties hold a shared secret with a third party such as an authentication authority. Each party signs the message using the third-party shared secret. The message is forwarded to the third party by the receiving party for verification or transformation. When the third party verifies, it simply tells the receiving party whether the message is authentic. When the third party transforms, it re-signs the message with the receiving party's shared secret, returning it to the receiving party for verification.
Each of the three basic techniques has its strengths and weaknesses. From a purely security perspective, implementing public key cryptography is preferred over the other basic techniques. However, public key cryptography requires a significant public key infrastructure. For particular applications that do not need this public key infrastructure for other purposes (e.g., IPSec), deployment of the public key infrastructure can create a significant market barrier to prospective customers of network environment equipment.
The next preferred basic technique from a security perspective implements a secret shared between two parties. This basic technique is inferior to public key cryptography because signing a message with such a shared secret does not actually authenticate the sender of the message. This basic technique just raises the receiving party's confidence that the sender of the message knows the shared secret. This may seem like an insignificant distinction, but there are certain types of attacks against authentication protocols that use shared secrets (e.g., reflection attacks) that complicate those authentication protocols.
The third basic technique, i.e., implementing secrets shared with a third party, is the least attractive from a security perspective. However, the third basic technique is, in many cases, the most attractive approach from a management and deployment point of view. The use of public key cryptography and shared secrets imposes non-trivial administration burdens on the deploying organization. As previously indicated, public key cryptography normally requires the deployment of a Public Key Infrastructure, which is costly from an initial investment as well as an operational perspective. Pairwise shared secrets require extensive management of those keys, since each sending party must obtain, store, and manage (e.g., revoke) the keys shared with all other parties in the network environment. When implementing secrets shared with a third party, each party need only obtain and store one key. Many secret key management functions can be centralized in the third party itself.
Mutual authentication of two parties becomes important when they use the Diffie-Hellman key agreement protocol to exchange an encryption key. For example, in wireless communications a network access point electronic system (AP) and a wireless client electronic system (WC) may use Diffie-Hellman to establish a cryptographically protected channel between them, so that wireless communications between the AP and the WC are protected. However, the Diffie-Hellman key agreement protocol is susceptible to a man-in-the-middle attack.
Therefore, what is needed is a method and system for performing an authenticated Diffie-Hellman key agreement protocol over a network where the communicating parties share a secret key with a third party.
Accordingly, the present invention provides a method and system for performing an authenticated Diffie-Hellman key agreement protocol over a network where the communicating parties share a secret key with a third party. In one embodiment, the network is a wireless network, wherein a wireless client electronic system and a network access point electronic system are the parties executing the authenticated Diffie-Hellman key agreement protocol. In this embodiment, the wireless client electronic system and the network access point electronic system exchange a shared secret key for encrypting wireless communications between the wireless client electronic system and the network access point electronic system. In one embodiment, the wireless client electronic system shares a first secret key with a RADIUS server of the network. Similarly, the network access point electronic system shares a second secret key with the RADIUS server of the network. The first and second secret keys are utilized for performing an authentication protocol.
According to one embodiment, the wireless client electronic system signs (with the first secret key) a first message containing a first variable for the Diffie-Hellman key agreement protocol. The message from the wireless client electronic system also includes a first identifier corresponding to the wireless client electronic system, where "sign" refers to generating a message authentication code which is then coupled to the message. The wireless client electronic system transmits the first message to the network access point electronic system.
The network access point electronic system signs (with the second secret key) a second message containing a second variable for the Diffie-Hellman key agreement protocol and a second identifier corresponding to the network access point electronic system. The network access point electronic system transmits the first message and the second message to the RADIUS server.
The RADIUS server authenticates the first message and the second message, utilizing the first identifier and the second identifier to retrieve the first secret key and the second secret key from a memory storage location. If the authentication is successful, the RADIUS server re-signs (with the first secret key) the second message and re-signs (with the second secret key) the first message. The RADIUS server transmits the re-signed first message and the re-signed second message to the network access point electronic system.
The network access point electronic system authenticates the re-signed first message and generates the shared secret key for encrypting communications if the authentication protocol is successful. If the authentication protocol is successful, the network access point electronic system transmits the re-signed second message to the wireless client electronic system. An authentication protocol is then performed by the wireless client electronic system and the shared secret key for encrypting communications is generated by the wireless client electronic system if the authentication protocol is successful.
Hence, the authenticated Diffie-Hellman key agreement protocol of the present invention avoids the man-in-the-middle attack. In addition, the authenticated Diffie-Hellman key agreement protocol of the present invention implements an authentication protocol requiring each wireless client electronic system and each network access point electronic system to manage no more than one secret key for authentication purposes.
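The exchange summarized above can be traced end to end in a short simulation. This is an added example, not code from the patent: HMAC-SHA256 as the message authentication code, the `identifier|value` message encoding, the demo-size group, the identifiers `wc-01` and `ap-01`, and all function names are assumptions, and the RADIUS server is modelled as a local function rather than a network service.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # constructed demo modulus (a Mersenne prime); far too small for real use
G = 3           # assumed generator for the demo group

def mac(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()

def sign(key, ident, dh_public):
    """'Sign' as the text defines it: attach a MAC to identifier + DH variable."""
    body = ident + b"|" + str(dh_public).encode()
    return body, mac(key, body)

def verify(key, msg):
    body, tag = msg
    return hmac.compare_digest(tag, mac(key, body))

def ident_of(msg):
    return msg[0].rsplit(b"|", 1)[0]

def dh_value(msg):
    return int(msg[0].rsplit(b"|", 1)[1])

def radius_resign(keys, msg1, msg2):
    """Server: look up each sender's key by identifier, authenticate both
    messages, then re-sign each under the other party's key."""
    k1, k2 = keys.get(ident_of(msg1)), keys.get(ident_of(msg2))
    if not k1 or not k2 or not verify(k1, msg1) or not verify(k2, msg2):
        return None
    return (msg1[0], mac(k2, msg1[0])), (msg2[0], mac(k1, msg2[0]))

def run_exchange(keys, k_wc, k_ap, tamper=False):
    """Returns (wc_key, ap_key), or None if any authentication step fails."""
    x = secrets.randbelow(P - 2) + 1           # WC's private exponent
    y = secrets.randbelow(P - 2) + 1           # AP's private exponent
    msg1 = sign(k_wc, b"wc-01", pow(G, x, P))  # WC -> AP
    if tamper:  # DH variable altered in transit; the MAC no longer matches
        msg1 = (b"wc-01|" + str(dh_value(msg1) + 1).encode(), msg1[1])
    msg2 = sign(k_ap, b"ap-01", pow(G, y, P))  # AP -> server, with msg1
    resigned = radius_resign(keys, msg1, msg2)
    if resigned is None:
        return None
    r1, r2 = resigned
    if not verify(k_ap, r1):                   # AP checks re-signed msg1
        return None
    ap_key = pow(dh_value(r1), y, P)
    if not verify(k_wc, r2):                   # WC checks re-signed msg2
        return None
    return pow(dh_value(r2), x, P), ap_key
```

Each endpoint holds only its own key, while the `keys` table mapping identifiers to secrets exists only on the server side, which is the single-key management property the text claims.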
These and other advantages of the present invention will no doubt become apparent to those of ordinary skill in the art after having read the following detailed description of the preferred embodiments which are illustrated in the drawing figures.